Forwarded From: Liam Colvin <randomat_private> Originally From: Windows NT Security Mailing List Originally To: NTSECURITYat_private | Fernando asked... | >Does anyone know about this new NT server bug (as reported by PCWeek, | >http://www.zdnet.com/pcweek/stories/news/0,4153,374497,00.html) If the article or web site had stated that they were merely trying to remind people of some news that is now nearly 20 months old that would have been fine. Unfortunately, neither tried to do that and both seem to imply this is something new. I don't normally remind people of old issues (that's what the NTBugtraq archives are for), but the ZD story sorta compels me to do this. Andy Baron first discovered the availability and usability of Null Session access when he announced the "RedButton Bug" on NTBugtraq back on April 18th, 1997!!! See <http://ntbugtraq.ntadvice.com/page_archives_wa.asp?A2=ind9704&L=ntbugtraq&F =P&S=&P=14066> for that original announcement. There are a lot of messages associated with that announcement which you can peruse through the archive site <http://ntbugtraq.ntadvice.com/archives>. Please note that David LeBlanc made a utility available, through me, to stop Andy's demonstration program. It was called everyone2user.exe. This program is no longer available, and was not needed after the release of SP3 from Microsoft (see KB article above). Please don't ask me or David for it!! If there's going to be any further discussion about this "New NT Server bug", let's make sure you've read through the age old threads on this first and have something new to say about it. Cheers, Russ - NTBugtraq moderator -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:13:09 PDT